updated 05:25 pm EDT, Mon May 5, 2014

Steinhafel leaves Target after 35 years of service

The head of retail chain Target has stepped down from his position. Gregg Steinhafel has agreed with the board of directors to resign as president, CEO, and chairman of the board with immediate effect, five months after the company revealed a data breach had occurred, putting at risk the credit card information of up to 40 million customers, and sensitive information for up to 70 million accounts.

Steinhafel spent a total of 35 years at the company, leading Target through the recession, dealing with issues with the chain's expansion into Canada, and more recently, dealing with the data breach. The board thanks him for his leadership, and is replacing Steinhafel with interim president and CEO John Mulligan, currently the chief financial officer, with current board member Roxanne S. Austin becoming the interim non-executive chair of the board. Steinhafel has been asked to stay onboard in an advisory capacity for the transition period.

Gregg Steinhafel

A letter to the board from Steinhafel states it has been an "honor and a privilege" to lead the company, and conceded "the last several months have tested Target in unprecedented ways." Steinhafel writes that the company has "already begun taking a number of steps to further enhance data security, putting the right people, processes and systems in place" following the intrusion.

The breach saw card information for transactions between November 29th and December 15th being pulled, including "strongly encrypted PIN data," names, mailing addresses, phone numbers, and e-mail addresses. It was later claimed that Target was alerted to a potential fault on November 30th, but no data was taken, and that features of its security suite were disabled, features that would have removed the infection and prevented its spread throughout the payment system. Various other alerts and alarms were issued around the same time, including some with the highest-priority warning associated with it, though these were evidently ignored by Target's security personnel.